Mailsending ipv6 to Google-Mailservice fails

Discussion in 'Server Operation' started by muelli75, Aug 14, 2022.

Tags:
Page 1 of 2
  1. muelli75

    muelli75 Member

    Hi!

    If I our mailserver sends mails to gmail, the delivering fails. This is the bounce of gMail

    Code:
                       The mail system

<[email protected]>: host
    gmail-smtp-in.l.google.com[2a00:1450:4025:402::1a] said: 550-5.7.1
    [2a01:4f8:212:f65::2] Our system has detected that this message does
    550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and
    550-5.7.1 authentication. Please review 550-5.7.1
    https://support.google.com/mail/?p=IPv6AuthError for more information 550
    5.7.1 . w13-20020a05640234cd00b0043bd6cf51d1si5536605edc.530 - gsmtp (in
    reply to end of DATA command)

Reporting-MTA: dns; tesoro2.products4more.at
X-Postfix-Queue-ID: D8ECA4A21450
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Sun, 14 Aug 2022 02:16:05 +0200 (CEST)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [2a01:4f8:212:f65::2] Our system has detected
   that this message does 550-5.7.1 not meet IPv6 sending guidelines regarding
   PTR records and 550-5.7.1 authentication. Please review 550-5.7.1
   https://support.google.com/mail/?p=IPv6AuthError for more information 550
   5.7.1 . w13-20020a05640234cd00b0043bd6cf51d1si5536605edc.530 - gsmtp
    If I check the PTR-Record of our system (https://network-tools.webwiz.net/reverse-dns.htm)
    all seems fine. There is a PTR-Record to 2a01:4f8:212:f65:: which we set on the admin-panel of our server-provider. Take a look on this screenshot.
    [​IMG] https://ibb.co/myKGZrg [/IMG]

    Now lets have a look to
    Code:
    admin@customermail # ifconfig
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 136.243.47.106  netmask 255.255.255.192  broadcast 136.243.47.127
        inet6 fe80::921b:eff:fedb:519  prefixlen 64  scopeid 0x20<link>
        inet6 2a01:4f8:212:f65::2  prefixlen 64  scopeid 0x0<global>
    Any ideas what is to do, to make the delivering to gmail possible?

    Thanks in advance, Martin
     
    muelli75, Aug 14, 2022
    #1
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Th0m, Aug 14, 2022
    #2
    muelli75 likes this.
  3. muelli75

    muelli75 Member

    muelli75, Aug 15, 2022
    #3
    Th0m likes this.
  4. muelli75

    muelli75 Member

    Hm - the posted solution works for mail pointing directly to gmail but not for domains which are hosted at googleservices.

    So, if we send mails to [email protected] there comes the following bounce
    Code:
    Betreff:     Undelivered Mail Returned to Sender
Datum:     Fri, XX XXXX 2022 14:32:08 +0200 (CEST)
Von:     Mail Delivery System <[email protected]>
An:     [email protected]


This is the mail system at host tesoro2.products4more.at.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<[email protected]>: host ASPMX.L.GOOGLE.COM[2a00:1450:4025:402::1a]
said: 550-5.7.1 [2a01:4f8:212:f65::2] Our system has detected that this
message does 550-5.7.1 not meet IPv6 sending guidelines regarding PTR
records and 550-5.7.1 authentication. Please review 550-5.7.1
https://support.google.com/mail/?p=IPv6AuthError for more information 550
5.7.1 . cr13-20020a170906d54d00b00730632d2a0fsi1725389ejc.452 - gsmtp (in
reply to end of DATA command)
    We got 4 such bounces in the last days for different domains, so fixing that with transportmaps is rather cumbersome.

    Any other ideas how to fix that ip4/ip6-problem?

    TIA, Martin
     
    muelli75, Sep 4, 2022
    #4
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    According to Google, you missed setting up a correct PTR record for your IPv6 address.
     
    till, Sep 4, 2022
    #5
  6. muelli75

    muelli75 Member

    Yes till, you are right - but I did a IPv6-setup as mentioned in my initial post.

    Here is another small piece of the puzzle to confirm the correctness of the setup
    Code:
    #ip -6 addr show scope global
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2a01:4f8:212:f65::2/64 scope global
       valid_lft forever preferred_lft forever
    and the proof of ptr-check-service
    [​IMG][​IMG]
    https://ibb.co/BnCMQrg
     
    muelli75, Sep 4, 2022
    #6
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Add a PTR record for the exact IPv6 IP, not the subnet. Add a PTR for 2a01:4f8:212:f65::2 that you are using for sending. It might be that you have to remove the one for the subnet.

    I received the same error on some of my servers and they are gone after adding a PTR for the exact IPv6 address.
     
    till, Sep 4, 2022
    #7
  8. muelli75

    muelli75 Member

    thank you - additional ptr is done. so lets have a look if that helped.
     
    muelli75, Sep 4, 2022
    #8
  9. odea

    odea New Member

    Hi Till,
    I'm very curious to know how you did it, I read a lot of different way to do that.
    I also had an "ipv6 ptr" issue with gmail, so I disabled ipv6 with postfix, but emails are still considered as spam from gmail (I have SPF, DMARC, DKIM), I have no error message from gmail, so I don't know why my emails are considered as spam, and DMARC checks are OK. I want to try to re-enable ipv6 in postfix and add an ipv6 ptr record to see if it solves the problem.

    For ipv4 I did that :
    upload_2023-8-16_22-38-39.png
    Then, inside this zone :
    upload_2023-8-16_22-39-37.png

    First is it the correct way to do it for ipv4 ? and if so, is it the same way to do it for ipv6 ?
    I read that I need a AAAA record (in what zone ?)
    here is my ipv6, and it's DNS format :
    2001:41d0:e:942::1 in reverse DNS format:
    1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.4.9.0.e.0.0.0.0.d.1.4.1.0.0.2.ip6.arpa
    Thanks for the help !
     
    odea, Aug 16, 2023
    #9
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Probably not.
    Read my tutorial on name service with ISPConfig, link in my signature.
    Same zone as the A record.
     
    Taleman, Aug 17, 2023
    #10
  11. odea

    odea New Member

    Hi Taleman,
    thanks for your reply !
    I read you tutorial, and indeed you said that :
    So I connected to my OVH admin panel and I have this :
    upload_2023-8-17_10-42-46.png
    Unfortunately, if I try to put ns1.vegan.fr as reverse name for ipv6 IP I have this message :
    upload_2023-8-17_10-45-12.png
    :confused:
    Also, if I can not use my own name server, then what do I have to do in ispconfig ?
     
    odea, Aug 17, 2023
    #11
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    The reverse record has to be set in the authoritative DNS server for the IP address (which is OVH in this case) and not on your own DNS server. Your DNS server is used for the DNS record of the domain, not the reverse record.

    According to the error message, you must create an AAAA record in the zone vegan.fr for ns1 pointing to that IPv6 IP address.
     
    till, Aug 17, 2023
    #12
  13. odea

    odea New Member

    I added an AAAA record for ns1.vegan.fr, now I have :
    upload_2023-8-17_11-10-37.png
    it looks like I still have to do something in ispconfig...
    edit: I was writing this message while you replied till, thanks for your answer
     
    odea, Aug 17, 2023
    #13
  14. odea

    odea New Member

    my mistake : I used the ipv6 proposed by default by ispconfig, it seems that it wasn't the good one. Now it works ! Thanks :)
    Do I still have to do something in ispconfig ?
    I have to ask OVH to add a PTR record ? everybody does that ?
     
    odea, Aug 17, 2023
    #14
  15. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    DNS is now OK for IPv6 and PTR. So nothing to do for those. Since you hijacked this old thread, I am not sure if there is some other ultimate problem you are trying to resolve.
    From what you wrote in #11 I assumed you understood the PTR record registration? Maybe you should formulate your question more explicitly.
     
    Taleman, Aug 17, 2023
    #15
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    No, except that you might want to delete the reverse zone in ISPConfig as your system should not have that when it is not the DNS server that is responsible for that reverse zones.

    As long as the IP owner (which is OVH and not you) has not delegated DNS for this IP to your DNS server (which OVH likely will not do and which other server providers or datacenters do not do as well), then you'll have to use the DNS of OVH for the reverse record. Running your own DNS for reverse zones is not very common for 'retail' users, so as long as you do not run your own datacenter, its not very likely that you set up a reverse zone on your own DNS server,
     
    till, Aug 17, 2023
    #16
  17. odea

    odea New Member

    That's clear, thank you Taleman and till for your help :) and sorry for digging this old thread
     
    odea, Aug 17, 2023
    #17
  18. odea

    odea New Member

    FYI it solved some problem but not all, my emails are still considered as spam from gmail, I'm trying to sign into their "postmater tools" to have some details stats about why emails are seeing as spam from google. Maybe a bad reputation IP, I don't know yet.
     
    odea, Aug 17, 2023
    #18
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    And take care you have set up spf record and also activated dkim mail signing.
     
    till, Aug 17, 2023
    #19
  20. odea

    odea New Member

    Yes, SPF and DKIM checks passed, "The Truth Is Out There" !
     
    odea, Aug 17, 2023
    #20
Page 1 of 2

Share This Page